001 /*
002 * Copyright 1998-2005 Sun Microsystems, Inc. All Rights Reserved.
003 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004 *
005 * This code is free software; you can redistribute it and/or modify it
006 * under the terms of the GNU General Public License version 2 only, as
007 * published by the Free Software Foundation. Sun designates this
008 * particular file as subject to the "Classpath" exception as provided
009 * by Sun in the LICENSE file that accompanied this code.
010 *
011 * This code is distributed in the hope that it will be useful, but WITHOUT
012 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014 * version 2 for more details (a copy is included in the LICENSE file that
015 * accompanied this code).
016 *
017 * You should have received a copy of the GNU General Public License version
018 * 2 along with this work; if not, write to the Free Software Foundation,
019 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020 *
021 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022 * CA 95054 USA or visit www.sun.com if you need additional information or
023 * have any questions.
024 */
025
026 package javax.security.auth;
027
028 /**
029 * This class is for authentication permissions.
030 * An AuthPermission contains a name
031 * (also referred to as a "target name")
032 * but no actions list; you either have the named permission
033 * or you don't.
034 *
035 * <p> The target name is the name of a security configuration parameter
036 * (see below). Currently the AuthPermission object is used to
037 * guard access to the Policy, Subject, LoginContext,
038 * and Configuration objects.
039 *
040 * <p> The possible target names for an Authentication Permission are:
041 *
042 * <pre>
043 * doAs - allow the caller to invoke the
044 * <code>Subject.doAs</code> methods.
045 *
046 * doAsPrivileged - allow the caller to invoke the
047 * <code>Subject.doAsPrivileged</code> methods.
048 *
049 * getSubject - allow for the retrieval of the
050 * Subject(s) associated with the
051 * current Thread.
052 *
053 * getSubjectFromDomainCombiner - allow for the retrieval of the
054 * Subject associated with the
055 * a <code>SubjectDomainCombiner</code>.
056 *
057 * setReadOnly - allow the caller to set a Subject
058 * to be read-only.
059 *
060 * modifyPrincipals - allow the caller to modify the <code>Set</code>
061 * of Principals associated with a
062 * <code>Subject</code>
063 *
064 * modifyPublicCredentials - allow the caller to modify the
065 * <code>Set</code> of public credentials
066 * associated with a <code>Subject</code>
067 *
068 * modifyPrivateCredentials - allow the caller to modify the
069 * <code>Set</code> of private credentials
070 * associated with a <code>Subject</code>
071 *
072 * refreshCredential - allow code to invoke the <code>refresh</code>
073 * method on a credential which implements
074 * the <code>Refreshable</code> interface.
075 *
076 * destroyCredential - allow code to invoke the <code>destroy</code>
077 * method on a credential <code>object</code>
078 * which implements the <code>Destroyable</code>
079 * interface.
080 *
081 * createLoginContext.{name} - allow code to instantiate a
082 * <code>LoginContext</code> with the
083 * specified <i>name</i>. <i>name</i>
084 * is used as the index into the installed login
085 * <code>Configuration</code>
086 * (that returned by
087 * <code>Configuration.getConfiguration()</code>).
088 * <i>name</i> can be wildcarded (set to '*')
089 * to allow for any name.
090 *
091 * getLoginConfiguration - allow for the retrieval of the system-wide
092 * login Configuration.
093 *
094 * createLoginConfiguration.{type} - allow code to obtain a Configuration
095 * object via
096 * <code>Configuration.getInstance</code>.
097 *
098 * setLoginConfiguration - allow for the setting of the system-wide
099 * login Configuration.
100 *
101 * refreshLoginConfiguration - allow for the refreshing of the system-wide
102 * login Configuration.
103 * </pre>
104 *
105 * <p> The following target name has been deprecated in favor of
106 * <code>createLoginContext.{name}</code>.
107 *
108 * <pre>
109 * createLoginContext - allow code to instantiate a
110 * <code>LoginContext</code>.
111 * </pre>
112 *
113 * <p> <code>javax.security.auth.Policy</code> has been
114 * deprecated in favor of <code>java.security.Policy</code>.
115 * Therefore, the following target names have also been deprecated:
116 *
117 * <pre>
118 * getPolicy - allow the caller to retrieve the system-wide
119 * Subject-based access control policy.
120 *
121 * setPolicy - allow the caller to set the system-wide
122 * Subject-based access control policy.
123 *
124 * refreshPolicy - allow the caller to refresh the system-wide
125 * Subject-based access control policy.
126 * </pre>
127 *
128 * @version 1.61, 05/05/07
129 */
130 public final class AuthPermission extends java.security.BasicPermission {
131
132 private static final long serialVersionUID = 5806031445061587174L;
133
134 /**
135 * Creates a new AuthPermission with the specified name.
136 * The name is the symbolic name of the AuthPermission.
137 *
138 * <p>
139 *
140 * @param name the name of the AuthPermission
141 *
142 * @throws NullPointerException if <code>name</code> is <code>null</code>.
143 * @throws IllegalArgumentException if <code>name</code> is empty.
144 */
145 public AuthPermission(String name) {
146 // for backwards compatibility --
147 // createLoginContext is deprecated in favor of createLoginContext.*
148 super (
149 "createLoginContext".equals(name) ? "createLoginContext.*"
150 : name);
151 }
152
153 /**
154 * Creates a new AuthPermission object with the specified name.
155 * The name is the symbolic name of the AuthPermission, and the
156 * actions String is currently unused and should be null.
157 *
158 * <p>
159 *
160 * @param name the name of the AuthPermission <p>
161 *
162 * @param actions should be null.
163 *
164 * @throws NullPointerException if <code>name</code> is <code>null</code>.
165 * @throws IllegalArgumentException if <code>name</code> is empty.
166 */
167 public AuthPermission(String name, String actions) {
168 // for backwards compatibility --
169 // createLoginContext is deprecated in favor of createLoginContext.*
170 super (
171 "createLoginContext".equals(name) ? "createLoginContext.*"
172 : name, actions);
173 }
174 }
|